Britain's nuclear weapons can never be made completely safe from cyber attack, raising “serious questions about the longer-term efficacy of the UK nuclear deterrent”, according to a new report from an international security think tank.
The reliance of the UK's Trident nuclear weapons system on numerous computers, complex software and sophisticated coding means it “must be assumed to be vulnerable to interference in some way”, says the report, written by Dr Andrew Futter, Senior Lecturer in International Politics at the University of Leicester, for the European Leadership Network.
The report warns that potential for an enemy to interfere with key computing systems at the procurement or maintenance phase is “clearly a serious issue”. As well as the possibility of disruption of a submarine's missile launch system, reactor, or navigation system, the report points out that many other far more mundane systems which are controlled by computers – such as the fresh water supply or sanitation system – could be targeted to cause “considerable trouble” for the submarine and cause it to return to port and end its patrol prematurely.
Cyber techniques could also be used to interfere with communications to a submarine by jamming or preventing the exchange of information, or “spoofing” the submarines with misleading or incorrect information. The report cites evidence that there have already been attempts to compromise extremely low-frequency radio communications used to send launch approval messages to US nuclear-armed submarines in the past, warning that: “It must be assumed that the same is true for the communications hub for British SSBNs based at Northwood in the Chiltern Hills.”
The biggest challenge, although less catastrophic than other possible scenarios, is the risk that sensitive design or operational secrets, such as discovery of the patrol area used by British submarines, could be stolen by cyber-espionage.
The report concludes that “it will never be possible to say that the UK nuclear deterrent is entirely safe from cyber attack, or that it cannot be compromised or undermined in some other way in the future”. Rigorous testing, security practices, and professionalism “should help mitigate the worse-case cyber scenarios”, but many of the other challenges “will simply have to be managed”.
Former Defence Secretary Lord Des Browne has cautioned that Trident’s effectiveness can no longer be taken as assured. “Cyber attacks are already able to undermine the reliability of our nuclear command, control and communications,” he says. “No longer can we guarantee that the weapons will work as we designed them to do when we reach for them.”
In November 2015 Lord Browne highlighted a US Department of Defense report which warned that the US and its allies “cannot be confident” that their defence systems would be able to survive an “attack from a sophisticated and well-resourced opponent utilising cyber-capabilities in combination with all of their military and intelligence capabilities”.
Browne warned that the UK's nuclear weapons could "be rendered obsolete by hackers" and called for an assessment of the risks involved. He said that the government has an obligation to ensure “that all of the systems of the nuclear deterrent have been assessed end-to-end against cyber attacks to understand possible weak spots and that those weak spots are protected against a high-tier cyber threat”. If they are unable do this “then there is no guarantee that we will have a reliable deterrent or the prime minister will be able to use this system when he needs to reach for it.”
The Ministry of Defence maintains that Trident “remains safe and secure”. A spokesperson said: “Submarines operate in isolation by design, and this contributes to their cyber resilience. We take our responsibility to maintain a credible nuclear deterrent extremely seriously and continually assess the capability of our submarines to ensure their operational effectiveness, including against threats from cyber and unmanned vehicles.”